Convert lesson into using DB instead of using regular expression to check the solution

2021-03-14 11:09:07 +01:00
parent c798e4be32
commit d4da2d0efa
5 changed files with 83 additions and 21 deletions
--- a/webgoat-integration-tests/src/test/java/org/owasp/webgoat/SqlInjectionLessonTest.java
+++ b/webgoat-integration-tests/src/test/java/org/owasp/webgoat/SqlInjectionLessonTest.java
@ -11,7 +11,7 @@ public class SqlInjectionLessonTest extends IntegrationTest {
    public static final String sql_3 = "update employees set department='Sales' where last_name='Barnett'";
    public static final String sql_4_drop = "alter table employees drop column phone";
    public static final String sql_4_add = "alter table employees add column phone varchar(20)";
-    public static final String sql_5 = "grant alter table to UnauthorizedUser";
+    public static final String sql_5 = "grant select on grant_rights to unauthorized_user";
    public static final String sql_9_account = " ' ";
    public static final String sql_9_operator = "or";
    public static final String sql_9_injection = "'1'='1";